infra-geo-ouverte · mbarbeau · Apr 8, 2021 · Nov 20, 2020 · Jan 21, 2021 · Feb 16, 2021
diff --git a/packages/auth/src/lib/shared/auth.interceptor.ts b/packages/auth/src/lib/shared/auth.interceptor.ts
@@ -11,6 +11,7 @@ import { Md5 } from 'ts-md5';
 
 import { ConfigService } from '@igo2/core';
 import { TokenService } from './token.service';
+import { WithCredentialsOptions } from './auth.interface';
 
 @Injectable({
   providedIn: 'root'
@@ -24,16 +25,27 @@ export class AuthInterceptor implements HttpInterceptor {
     return trustHosts;
   }
 
+  private get hostsWithCredentials(): WithCredentialsOptions[] {
+    return this.config.getConfig('auth.hostsWithCredentials') || [];
+  }
+
   constructor(
     private config: ConfigService,
     private tokenService: TokenService,
     private http: HttpClient
   ) {}
 
   intercept(
-    req: HttpRequest<any>,
+    originalReq: HttpRequest<any>,
     next: HttpHandler
   ): Observable<HttpEvent<any>> {
+    const withCredentials = this.handleHostsWithCredentials(originalReq.url);
+    let req = originalReq.clone();
+    if (withCredentials) {
+      req = originalReq.clone({
+        withCredentials
+      });
+    }
     this.refreshToken();
     const token = this.tokenService.get();
     const element = document.createElement('a');
@@ -72,6 +84,12 @@ export class AuthInterceptor implements HttpInterceptor {
   }
 
   interceptXhr(xhr, url: string): boolean {
+    const withCredentials = this.handleHostsWithCredentials(url);
+    if (withCredentials) {
+       xhr.withCredentials = withCredentials;
+       return true;
+    }
+
     this.refreshToken();
     const element = document.createElement('a');
     element.href = url;
@@ -84,6 +102,18 @@ export class AuthInterceptor implements HttpInterceptor {
     return true;
   }
 
+  private handleHostsWithCredentials(reqUrl: string) {
+    let withCredentials = false;
+    for (const hostWithCredentials of this.hostsWithCredentials) {
+      const domainRegex = new RegExp(hostWithCredentials.domainRegFilters);
+      if (domainRegex.test(reqUrl)) {
+        withCredentials = hostWithCredentials.withCredentials !== undefined ? hostWithCredentials.withCredentials : undefined;
+        break;
+      }
+    }
+    return withCredentials;
+  }
+
   refreshToken() {
     const jwt = this.tokenService.decode();
     const currentTime = new Date().getTime() / 1000;

diff --git a/packages/auth/src/lib/shared/auth.interface.ts b/packages/auth/src/lib/shared/auth.interface.ts
@@ -19,7 +19,7 @@ export interface AuthMicrosoftOptions {
 }
 
 export interface AuthOptions {
-  url: string;
+  url?: string;
   tokenKey: string;
   allowAnonymous?: boolean;
   loginRoute?: string;
@@ -31,7 +31,12 @@ export interface AuthOptions {
   microsoft?: AuthMicrosoftOptions;
   trustHosts?: string[];
   profilsGuard?: string[];
+  hostsWithCredentials?: WithCredentialsOptions[];
 }
+export interface WithCredentialsOptions {
+  withCredentials?: boolean;
+  domainRegFilters?: string;
+ }
 
 export interface User {
   source?: string;